I am interested in learning how to replace domoticz certificate on a windows 10 machine. Lets assume that i own a certificate from comodo or another authority and i want to change my domoticz server to run that certificate. How this is accomplished?

it worked immediately. e.g. it works remotely with my iPhone using Domotix app with SSL.

However, it does not work properly with Browsers:
Safari - will not connect - invalid certificate and you cannot continue
Explorer, Edge & Chrome - shows as 'insecure' which you can ignore and carry on.

I am trying to connect Alexa via 'Controlicz', but Alexa will not 'find' my 'FloorPlan/RoomPlans or Switches' - invalid certificate!!!

Tried 'Let’s Encrypt' the free, automated, and open Certificate Authority - but I need a .PEM file and I am struggling with this.

Just had this problem myself and since the information doesn't seem to be easily available, thought I'd share the solution.

Domoticz takes various parameters when it starts up. That's all the domoticz.sh file is doing. On a Windows platform those parameters are passed in one of two different places depending on whether you have it installed as a service or not.
If you're not running as a service, the parameters are passed in the shortcut that you use to run the program (either in your Start Menu or on the desktop usually).
If you are running as a service, this is handled by a third party utility called NSSM (Non-Sucking Service Manager - https://nssm.cc). This handles the starting and stopping of Domoticz as a service and hence it is NSSM that passes those parameters to Domoticz. The parameters are specified in the registry here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Domoticz\Parameters\AppParameters
By default it will have a value of

Substitute the installation path and name of your certificate file as appropriate for your installation.

As for the certificate file itself, it needs to be in PEM format and it needs to include your private key as well as the public. Often this means it will be in PFX format. You can convert it to PEM using the free OpenSSL. You can find a location to download pre-compiled binaries (ready to use) here: https://wiki.openssl.org/index.php/Binaries
I used the binaries from https://indy.fulgan.com/SSL and used the most recent version (right at the bottom of the list) which at the time was openssl-1.0.2n-x64_86-win64.zip
Unzip to a folder.
Open a CMD prompt

Be aware that the "-nodes" command is short for "no DES" and this means that the PEM file will not be encrypted or password protected. Make sure this file is kept safe as anyone with it could impersonate your server or decrypt your SSL traffic.